Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf | |
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022044 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-11-15 00:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-31243
Mitre link : CVE-2022-31243
CVE.ORG link : CVE-2022-31243
JSON object : View
Products Affected
insyde
- kernel
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition